Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/fail2ban/ChangeLog | 10 | ||||
-rw-r--r-- | net-analyzer/fail2ban/Manifest | 19 | ||||
-rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.8.1.ebuild | 61 | ||||
-rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.8.3-r1.ebuild (renamed from net-analyzer/fail2ban/fail2ban-0.8.2.ebuild) | 11 | ||||
-rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.8.3.ebuild | 56 | ||||
-rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch | 277 |
6 files changed, 308 insertions, 126 deletions
diff --git a/net-analyzer/fail2ban/ChangeLog b/net-analyzer/fail2ban/ChangeLog index acb1cf9ae579..957402f7bd39 100644 --- a/net-analyzer/fail2ban/ChangeLog +++ b/net-analyzer/fail2ban/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-analyzer/fail2ban # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.46 2009/06/01 19:48:27 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.47 2009/08/23 21:04:47 a3li Exp $ + +*fail2ban-0.8.3-r1 (23 Aug 2009) + + 23 Aug 2009; Alex Legler <a3li@gentoo.org> -fail2ban-0.8.1.ebuild, + -fail2ban-0.8.2.ebuild, -fail2ban-0.8.3.ebuild, +fail2ban-0.8.3-r1.ebuild, + +files/fail2ban-CVE-2009-0362.patch: + Non-maintainer commit: Revbump to fix security bug 258866. Removing + unneeded vulnerable versions. 01 Jun 2009; Peter Volkov <pva@gentoo.org> -fail2ban-0.6.2-r1.ebuild: Removed vulnerable version, bug #271687, thank Robert Buchholz for report. diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest index ccf50ec497f5..3e0492fbfcf2 100644 --- a/net-analyzer/fail2ban/Manifest +++ b/net-analyzer/fail2ban/Manifest 
@@ -1,13 +1,20 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX fail2ban-0.8.0-regexp.patch 854 RMD160 24caae16d90adcf39577bd641ff6a09857908f73 SHA1 c5f47134328744a1597b8fcb67105ec82d61a14c SHA256 6019024dbf067f8a78618eb728f3afef90daa75bbcd201be2119c323c1afd6d1 +AUX fail2ban-CVE-2009-0362.patch 12686 RMD160 d8d578cc772e2f77d69131b7b0d0ffc6fbd9f331 SHA1 f14eb8fa69c227f6b7918bc12d91fa2ab7ec5620 SHA256 6ae5177c2a29822863fdae8806a53401f523fc65c5b7595f9b0516eccb8bc0e8 AUX fail2ban-logrotate 163 RMD160 8b64b7af9c0ee6bb9064f5858c0e58cda0609958 SHA1 287a067a369b1da6ddfee855e4950d6b222e2ba2 SHA256 6a668bc9383371f258eae6008b925a18d587e6120edd4a7add3e1a20ac3ca4b0 AUX fail2ban.conf.d 217 RMD160 7d8b079d1b569caf1d822af0ec8a040723f492c5 SHA1 9592b732be3d96699c9872add7287e82260f37c0 SHA256 e35f1f820bfe5ecaac2696d60155c348d84af428e8c615e97b900c24a587d233 DIST fail2ban-0.8.0.tar.bz2 55726 RMD160 16c033a9fbd10a468ac62d6ba31becf5966a5647 SHA1 b48c8ed269dfc6b2901573ac83c9680abb09e342 SHA256 ef60f601a8766128910f08ca5e731782d7ca17c014dcf6ab54982e7ae59bd5f6 -DIST fail2ban-0.8.1.tar.bz2 58321 RMD160 7f695e2efc4af3fe21657a4d1613cd7beeb623ad SHA1 89eee4c31357581dd5d5da7ea4cf28d2717d470a SHA256 3c3adc67c5f2b4fc72c9ea22e52c4cdfd9f901f6c238616416444560f56f6403 -DIST fail2ban-0.8.2.tar.bz2 61534 RMD160 7818d526e1af47fac35edc1d60bf2e6da1253d06 SHA1 f4a41ca782b51f1b5fd579c20ef310004a9974f9 SHA256 9ee445fa4149c7376f75bbda1dbdb48626fbeb29cb8bd0c16509ebfd7f22dc3a DIST fail2ban-0.8.3.tar.bz2 64028 RMD160 ba0704371e989ded372915e7cc4b2ec4c46899b2 SHA1 0cb9f058fb93523f0f34e26d324ba4ed6be8248d SHA256 b32fd9ee849bf36d23685a91d1d96f29a2fa383069d7d789e4956c9268dca5cd EBUILD fail2ban-0.8.0-r1.ebuild 1412 RMD160 08f679c390b1ca7fa63b0af067b25f7a3ef775c8 SHA1 ac33e15fb1733ceb768f6fa880f7fa30016493ba SHA256 a265aeeb5486e93416867510354363bc232007c62e3438093244b91920c3c2b7 -EBUILD fail2ban-0.8.1.ebuild 1813 RMD160 7c389a71cf7f4ef93db9aafc70cc7b5d11912d5b SHA1 a561cfe3dc40d535bce2ac904d528f8e7c52347d SHA256 
cd11f72ae9d99fa39c7e21878cab6454cde126fe37a7cf90bcea5dcd1fbc0904 -EBUILD fail2ban-0.8.2.ebuild 1634 RMD160 08c07dfc2b794f9e8da8edd564cf441bd9b25a1b SHA1 772a92df5eae8f14c8e3b9ef732e07b1227f4200 SHA256 28790d0db93d586c4a9ba170cd1e579f42447a2f3f75c7f8fce69a5ba2fbda4a -EBUILD fail2ban-0.8.3.ebuild 1629 RMD160 f1658fc56dc31e4b070e8caa505a68e394bb36c6 SHA1 5769ac437e24c4b42727606801fe3f91032d8425 SHA256 e8551054e1647db34da05718c15e27ff8d31be88311c80ad13de573ee5c3c40e -MISC ChangeLog 7406 RMD160 5376e0e93598d3e89ad9e12176fd66e5d716aecc SHA1 e4b3080b7b0b6c1055396a807fbf926dc24776e4 SHA256 c841d794f9bf86354389dfbc94d68189e9d54ee78b75d7ea881f26aad5335a61 +EBUILD fail2ban-0.8.3-r1.ebuild 1724 RMD160 028c4d4f10b3153b4da6aeba011ccfbeafaf4642 SHA1 1b2c480aeda48bf63a152b24fed98b9a57c8eb4a SHA256 01cb006256ba3e7917e85817a05194230b9dda0c263485a92cce31c486b6416f +MISC ChangeLog 7729 RMD160 24f2baef01368d28fce795ecd9448e0cd493e796 SHA1 3e1f24f3a69586e94952dbc59bbfddb4854abd12 SHA256 ca00917a9ef8b0b2b7bdb6d949f7b8c5b9d774ed4109569a18aa5a0bf2c9c1f0 MISC metadata.xml 159 RMD160 28e799fe0fd02aaab9d4bbe5595f133101606f5b SHA1 9f5df3eabd621951a959cc8e0e2e0d352cd1fe1e SHA256 b75c711bd971e46f0ec957e833c60879b0c5023e0bb94409a6255781b69f6dc6 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.11 (GNU/Linux) + +iEYEARECAAYFAkqRrtsACgkQaGsKqSU7eCTRtACfVQgAQle5aRzZUa/NLzaWDJ8b +LAYAn2MeK9e2lJ4jKjWKWRxvmEUqH7gm +=kOoH +-----END PGP SIGNATURE----- diff --git a/net-analyzer/fail2ban/fail2ban-0.8.1.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.1.ebuild deleted file mode 100644 index 664b35edd45f..000000000000 --- a/net-analyzer/fail2ban/fail2ban-0.8.1.ebuild +++ /dev/null 
@@ -1,61 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.1.ebuild,v 1.5 2008/06/15 09:21:26 zmedico Exp $
-
-inherit distutils
-
-DESCRIPTION="Bans IP that make too many password failures"
-HOMEPAGE="http://fail2ban.sourceforge.net/"
-SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~x86 ~x86-fbsd"
-IUSE=""
-
-DEPEND=">=dev-lang/python-2.4"
-RDEPEND="${DEPEND}
- virtual/mta"
-
-src_install() {
- distutils_src_install
-
- newconfd files/gentoo-confd fail2ban
- newinitd files/gentoo-initd fail2ban
- dodoc CHANGELOG README TODO || die "dodoc failed"
- doman man/*.1 || die "doman failed"
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/${PN}-logrotate ${PN} || die
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- if [[ $previous_less_than_0_7 = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2ban!"
- elog
- elog "Fail2ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
-}
-
-pkg_setup() {
- if ! built_with_use dev-lang/python readline ; then
- echo
- eerror "dev-lang/python is missing readline support. Please add"
- eerror "'readline' to your USE flags, and re-emerge dev-lang/python."
- die "dev-lang/python needs readline support"
- fi
-}
diff --git a/net-analyzer/fail2ban/fail2ban-0.8.2.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.3-r1.ebuild index b6967166e95e..2f63b63a75f5 100644 --- a/net-analyzer/fail2ban/fail2ban-0.8.2.ebuild +++ b/net-analyzer/fail2ban/fail2ban-0.8.3-r1.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2008 Gentoo Foundation +# Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.2.ebuild,v 1.4 2008/06/21 11:02:09 bluebird Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.3-r1.ebuild,v 1.1 2009/08/23 21:04:47 a3li Exp $ inherit distutils @@ -17,6 +17,13 @@ DEPEND=">=dev-lang/python-2.4" RDEPEND="${DEPEND} virtual/mta" +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${PN}-CVE-2009-0362.patch" +} + src_install() { distutils_src_install diff --git a/net-analyzer/fail2ban/fail2ban-0.8.3.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.3.ebuild deleted file mode 100644 index 831030f44bfc..000000000000 --- a/net-analyzer/fail2ban/fail2ban-0.8.3.ebuild +++ /dev/null 
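Review bot: `epatch` is called in the new `src_unpack()` although the only inherit line visible in this file is `inherit distutils`, so the security patch is applied through a helper that presumably reaches the ebuild only indirectly via another eclass. Declaring it explicitly with `inherit distutils eutils` keeps the fix from depending on what distutils happens to pull in. The `cd "${S}"` before it is unchecked; `cd "${S}" || die "cd to ${S} failed"` would stop the build at the real cause instead of inside epatch. A one-line comment above the epatch call, such as `# CVE-2009-0362, bug 258866: restrict what <HOST> may match`, would record why the patch is carried.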
@@ -1,56 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.3.ebuild,v 1.1 2008/07/30 14:40:56 jer Exp $
-
-inherit distutils
-
-DESCRIPTION="Bans IP that make too many password failures"
-HOMEPAGE="http://fail2ban.sourceforge.net/"
-SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
-IUSE=""
-
-DEPEND=">=dev-lang/python-2.4"
-RDEPEND="${DEPEND}
- virtual/mta"
-
-src_install() {
- distutils_src_install
-
- diropts -m 0755 -o root -g root
- dodir /var/run/${PN}
- keepdir /var/run/${PN}
-
- newconfd files/gentoo-confd fail2ban
- newinitd files/gentoo-initd fail2ban
- dodoc ChangeLog README TODO || die "dodoc failed"
- doman man/*.1 || die "doman failed"
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/${PN}-logrotate ${PN} || die
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- if [[ $previous_less_than_0_7 = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2ban!"
- elog
- elog "Fail2ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
-}
diff --git a/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch b/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch
new file mode 100644
index 000000000000..a22132e9c46f
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch
@@ -0,0 +1,277 @@
+Patch for bug 258866. Taken via svn diff from upstream SVN.
+Removed Changelog and cyrus filter changes as they didn't apply. --a3li
+
+Index: testcases/filtertestcase.py
+===================================================================
+--- testcases/filtertestcase.py (revision 727)
++++ testcases/filtertestcase.py (revision 728)
+@@ -99,7 +99,7 @@
+ output = ('193.168.0.128', 3, 1124013599.0)
+
+ self.__filter.addLogPath(GetFailures.FILENAME_01)
+- self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
++ self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
+
+ self.__filter.getFailures(GetFailures.FILENAME_01)
+
+@@ -116,7 +116,7 @@
+ output = ('141.3.81.106', 4, 1124013539.0)
+
+ self.__filter.addLogPath(GetFailures.FILENAME_02)
+- self.__filter.addFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
++ self.__filter.addFailRegex("Failed .* from <HOST>")
+
+ self.__filter.getFailures(GetFailures.FILENAME_02)
+
+@@ -133,7 +133,7 @@
+ output = ('203.162.223.135', 6, 1124013544.0)
+
+ self.__filter.addLogPath(GetFailures.FILENAME_03)
+- self.__filter.addFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
++ self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
+
+ self.__filter.getFailures(GetFailures.FILENAME_03)
+
+@@ -151,7 +151,7 @@
+ ('212.41.96.185', 4, 1124013598.0)]
+
+ self.__filter.addLogPath(GetFailures.FILENAME_04)
+- self.__filter.addFailRegex("Invalid user .* (?P<host>\S*)")
++ self.__filter.addFailRegex("Invalid user .* <HOST>")
+
+ self.__filter.getFailures(GetFailures.FILENAME_04)
+
+Index: config/filter.d/postfix.conf
+===================================================================
+--- config/filter.d/postfix.conf (revision 727)
++++ config/filter.d/postfix.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = reject: RCPT from (.*)\[<HOST>\]: 554
+Index: config/filter.d/sshd.conf
+===================================================================
+--- config/filter.d/sshd.conf (revision 727)
++++ config/filter.d/sshd.conf (revision 728)
+@@ -20,7 +20,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
+Index: config/filter.d/courierlogin.conf
+===================================================================
+--- config/filter.d/courierlogin.conf (revision 727)
++++ config/filter.d/courierlogin.conf (revision 728)
+@@ -12,7 +12,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
+Index: config/filter.d/sasl.conf
+===================================================================
+--- config/filter.d/sasl.conf (revision 727)
++++ config/filter.d/sasl.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
+Index: config/filter.d/exim.conf
+===================================================================
+--- config/filter.d/exim.conf (revision 727)
++++ config/filter.d/exim.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
+Index: config/filter.d/qmail.conf
+===================================================================
+--- config/filter.d/qmail.conf (revision 727)
++++ config/filter.d/qmail.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>
+Index: config/filter.d/xinetd-fail.conf
+===================================================================
+--- config/filter.d/xinetd-fail.conf (revision 727)
++++ config/filter.d/xinetd-fail.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ # Cfr.: /var/log/(daemon\.|sys)log
+Index: config/filter.d/vsftpd.conf
+===================================================================
+--- config/filter.d/vsftpd.conf (revision 727)
++++ config/filter.d/vsftpd.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
+Index: config/filter.d/pure-ftpd.conf
+===================================================================
+--- config/filter.d/pure-ftpd.conf (revision 727)
++++ config/filter.d/pure-ftpd.conf (revision 728)
+@@ -16,7 +16,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+Index: config/filter.d/couriersmtp.conf
+===================================================================
+--- config/filter.d/couriersmtp.conf (revision 727)
++++ config/filter.d/couriersmtp.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = error,relay=<HOST>,.*550 User unknown
+Index: config/filter.d/proftpd.conf
+===================================================================
+--- config/filter.d/proftpd.conf (revision 727)
++++ config/filter.d/proftpd.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
+Index: config/filter.d/apache-noscript.conf
+===================================================================
+--- config/filter.d/apache-noscript.conf (revision 727)
++++ config/filter.d/apache-noscript.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failure messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)
+Index: config/filter.d/apache-auth.conf
+===================================================================
+--- config/filter.d/apache-auth.conf (revision 727)
++++ config/filter.d/apache-auth.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failure messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = [[]client <HOST>[]] user .* authentication failure
+Index: config/filter.d/webmin-auth.conf
+===================================================================
+--- config/filter.d/webmin-auth.conf (revision 727)
++++ config/filter.d/webmin-auth.conf (revision 728)
+@@ -15,7 +15,7 @@
+ # Notes.: regex to match the password failure messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = webmin.* Non-existent login as .+ from <HOST>$
+Index: config/filter.d/common.conf
+===================================================================
+--- config/filter.d/common.conf (revision 727)
++++ config/filter.d/common.conf (revision 728)
+@@ -3,7 +3,7 @@
+ #
+ # Author: Yaroslav Halchenko
+ #
+-# $Revision: 1.1 $
++# $Revision: 1.1 $
+ #
+
+ [INCLUDES]
+Index: config/filter.d/sshd-ddos.conf
+===================================================================
+--- config/filter.d/sshd-ddos.conf (revision 727)
++++ config/filter.d/sshd-ddos.conf (revision 728)
+@@ -11,7 +11,7 @@
+ # Notes.: regex to match the password failures messages in the logfile. The
+ # host must be matched by a group named "host". The tag "<HOST>" can
+ # be used for standard IP/hostname matching and is only an alias for
+-# (?:::f{4,6}:)?(?P<host>\S+)
++# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+ # Values: TEXT
+ #
+ failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
+Index: server/failregex.py
+===================================================================
+--- server/failregex.py (revision 727)
++++ server/failregex.py (revision 728)
+@@ -44,7 +44,7 @@
+ self._matchCache = None
+ # Perform shortcuts expansions.
+ # Replace "<HOST>" with default regular expression for host.
+- regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
++ regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)")
+ if regex.lstrip() == '':
+ raise RegexException("Cannot add empty regex")
+ try:
+Index: server/filter.py
+===================================================================
+--- server/filter.py (revision 727)
++++ server/filter.py (revision 728)
+@@ -492,7 +492,7 @@
+
+ class DNSUtils:
+
+- IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}")
++ IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
+
+ #@staticmethod
+ def dnsToIp(dns): |
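Review bot: In the `server/filter.py` part of the carried patch, the new `IP_CRE` anchors its end with `$`, which in Python also matches just before a trailing newline, and `\d{1,3}` still admits octets above 255, so a string that is not a valid address can still be classified as an IP. Ending the pattern with `\Z`, as in `IP_CRE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}\Z")`, and range-checking the octets where the match is consumed would make the check strict. In `server/failregex.py` the `<HOST>` class `[\w\-.^_]` repeats `_`, which `\w` already covers, and admits a literal `^`; if nothing depends on the caret, `(?P<host>[\w\-.]+)` is the narrower form. Both patterns are ordinary string literals containing `\d`, `\w` and `\-`, so raw strings would state the intent. The methods of `DNSUtils` that use `IP_CRE` lie outside the hunk, so the effect on callers is inferred from the pattern alone.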